Interesting Questions Raised by Iranian Twitter Activism

Development (4:10 PM CST): The State Department has been in contact with Twitter to make sure that the service remained available for protestors in Iran. (reuters)

Last Friday, Twitter started to digest the Iranian election results, and the tool became a powerful vehicle for protest and coordination for student protestors within Iran and interested parties outside the country. American Twitterers used the power of the medium to push our own media machine to increase coverage of the story via #CNNFail and #iranelection, and several dedicated observers did some important work to create proxies allowing the Iranian opposition to circumvent network restrictions. While it is amazing to see individuals using technologies such as Twitter to sidestep repressive government censorship, Twitter has also made it easier for observers, a world away, to become active participants in an unfamiliar political system at times taking vigilante action against the server infrastructure of a nation-state.

Like many of you, I am not familiar with the nuance and context of much of what is happening, but, like other observers, you can’t watch peaceful student protestors mowed down by a phalanx of motorcycles and not feel some sympathy. I certainly don’t know what to make of the complex political questions involved in this election. As a technologist, I’m really very focused on the idea that technology can provide a mechanism for the oppressed to circumvent oppressive regimes. It doesn’t matter if I agree with the platform of Moussavi, I resonate with Tom Watson’s “The Revolution Will NOT Be Twittered” article. This is not my presidential election.

That being said, I do think that peer-to-peer, real-time communications media like Twitter are making it increasingly difficult to control the flow of information. Technology enabled something that would have otherwise been impossible, and we will continue to see more and more situations where technology neutralizes repression. “The cat is out of the bag.” I might not be a Moussavi supporter, but I support the rights of peaceful protesters anywhere to text one another, to speak freely, to demonstrate, and to communicate with the outside world. If you are a repressive regime, there are fewer and fewer ways for you to control the flow of information. We’re moving closer to Pesce’s world where hyperconnectivity begets hypermimesis begets hyperempowerment.

Operation Ajax (it had nothing to do with XMLHttpRequest)

One of the things to keep in mind about the current protests is how technology was used in the 1953 coup which was called Operation AJAX. Operation Ajax was the CIA’s first covert operation against a foreign government. Organized with MI6 in 1953, this coup overthrew the existing government and installed a monarchy which lasted until the Islamic Revolution in 1979. You can read about the historical context on Wikipedia, but one of the interesting technological facts about the coup in ’53 is that the “go code” for the coup was transmitted over a new technology – the BBC. In fact, if you pay attention to the Iranian election twitters, you’ll notice that there are some references to “53”: “this feels like ’53”. This is important because one of the themes that emerged in Twitter was the idea that interested Western observers should “support” the revolution by engaging in collective denial of service attacks against Iranian government infrastructure.

Power to the People or A New Operation AJAX?

From TechPresident, Nancy Scola first reported that “Josh Koster of the DC-based political firm Chong and Koster, along with others, has been attempting to crash www.IRIB.ir” using a web application called Page Reboot. Users show up at Page Reboot from a link that directs a browser to continuously reload a page, and such a service can be used to coordinate a Denial of Service attack. On Twitter, many heralded this as a free, “legal” way to shut down the Iranian Government’s information ministry.

It is easy to click on that link and participate in cross-border activism, but before you click that link, there are some interesting questions you should consider. I don’t intend to pass judgement on such action, just to raise some questions about private, cross-border activism.

Private Action Against a Nation-State?

By engaging in a coordinated DDOS against Iranian infrastructure, are you taking part in a private attack against a foreign government? Are you comfortable with the idea of citizens of other countries such as Russia engaging in similar actions in last year’s Georgian conflict? While it feels exhilarating to take part in such action, the fact that citizen actors can engage in such attacks might make it all the more likely that nation-states (including our own) will start to place restrictions on which traffic can cross a particular political border. On an Internet that is ruled by collective action, it feels odd to raise these questions, but it is essential to start the discussion. Is the use of network disruption something that you feel comfortable with? What if the tables were turned?

Are we comfortable with the idea of private citizens using private networks to engage in network “warfare”? By doing so, do we make our civilian network infrastructure a valid target to an adversary? What risks are associated with a group of private citizens sending an unintended message to a potential adversary in the form of a coordinated network disruption?

Violating the Law: Breaking a EULA

When you participate in a coordinated DDOS attack, are you sure that you are not violating the private agreements that cover your access to the Internet itself? While we tend to equate the Internet with free and unrestricted discourse and debate, many of us connect to the Internet via private networks covered by draconian End-User License Agreements. While the legality of coordinated clicks may be up for debate, the fact that it violates the various EULAs you’ve agree to is not. Here’s an excerpt from Comcast’s Terms of Service which (surprisingly) states that you need to not only comply with US laws but other non-US laws which govern your use of the Internet:

[you agree not to] undertake or accomplish any unlawful purpose. This includes, but is not limited to, posting, storing, transmitting or disseminating information…which in any way constitutes or encourages conduct that would constitute a criminal offense, or otherwise violate any local, state, federal, or non-U.S. law, order, or regulation;

By using my Comcast Cable Modem to connect to the Internet, I’ve agreed not to encourage conduct that would violate non-U.S. law. What does this mean in this context? If I retweet someone’s call to participate in a DDOS, am I in violation of this EULA? Check your own EULA for Internet service, and I’m sure you’ll find similar clauses.

Inadvertently Reinforcing Paranoia

One assumes that the protestors are hoping that non-violent protests will inspire a positive reaction from the government they are petitioning. Does broad US participation in a distributed denial of service attack against Iranian government infrastructure legitimize the paranoia and fear that the current regime seems to thrive upon? Most people clicking on PageReboot links distributed via Twitter are not thinking about ’53 coup and the ’79 revolution. Are DDOS participants activating the Iranian leadership’s memory of an earlier time when a government was overthrown with the aid of a new communications technology? If a bunch of Americans start launching “attacks” against Iranian infrastructure, is it going to make it easier for someone to say that the student protestors are clearly aligned with foreign agents?

Interesting Questions

Thinking about this in terms of Pesce’s work, we’ve entered into a world in which the individual has an unprecedented amount of power. Together, groups of people can take collective action to affect outcome of conflicts a world away. I’m not suggesting that Twitter made the difference on the streets of Tehran, but everyone seems to be in agreement that it did have some effect.

Great post. I too have been watching this story for its implications for digital citizenship. I have been working on a book on issues of identity and ownership on the web, and one of the huge issues is this one – do we have the right to transgress national boundaries via the web to disrupt the wishes of the sovereign rights of nations, which are established by the consent of the governed? This is true in Iran’s case right now, because the government is having trouble because it does NOT have the consent of the governed. This is not a rhetorical question at all. I think in many cases we do have the right to trangress, but what principles govern that right, and where exactly do we draw the line? Ron Deibert of the University of Toronto is running a program called “The Citizen Lab” which monitors the openness of various national boundaries by various means; this is an important project. Complete openness is not virtue in every case; I think that nations have the right to keep their borders, including the transfer of certain kinds of information, such as child porn or open slander and blatant copyright transgressions. However, in many cases, such as the current affairs in Iran, the breaking of those barriers is healthy and necessary. We are increasingly headed toward a situation in which the web doesn’t just need the W3C to create standard protocols, we also need a sort of UN of the web to govern multinational principles of cross-border transfers of information.

The unfortunate thing about the DDOS requests is that the vast majority of the DDOS attack, stemming from the US and western world, were said to have actually bottlenecked/caused a slowdown in network traffic to and from Iran. Now, I’m not sure if that’s actually correct or not, or if the slowdown they were experiencing was actually the government further throttling the network, or if more people were hopping on to try to get out, causing a slowdown, or a combination of multiple of the above. Regardless, it’s an interesting thought.

Your blog covers the issues really well for the individual but it leaves out the possibility of responsibility for nation in which that citizen resides. The question that I asked on Matthew’s blog still remains unanswered. “When are the actions of the citizens of one nation an act of war against another nation?” While many people engaged in digital activism with good will in their hearts, they did it as members of their own nation with servers and software located in the US. While US citizens were not operating under the authority of the nation, they were bound by the rules of that nation. Could these actions turn digital activism into an act of war that could make the US libel in an international court of law. And what would happen if the attacked nation would retaliate and start a cyber storm that engulfs many. The US is begining to lay down the foundation of a cyber policy that will take on the issues of responsibility for cyber attacks by other nations. How can the US even attempt to take on these issues when its citizens are engaging in attacks on other nations regardless of how noble the reasons may be.

Faui Gerzigerk

Good questions. I believe that things like this cannot be judged solely on a formal or legal basis (and you didn’t say that). Any regime can make laws, so it would be odd for me to feel bound by these laws, particularly in a context where that regime’s legitimacy is the subject of the whole debate.

On the other hand I do agree that it’s a little scary to have emotionally driven mass movements from one country take action against the government of another one. In Iran’s case that’s particularly problematic because even though the regime there isn’t based on entirely democratic principles, there can be little doubt that the regime has substantial support in the population. So you wouldn’t be acting just against some repressive dictator. You would also be taking sides in a deeply rooted cultural conflict of another country. I’m happy to take sides when it comes to individual human rights, but on a macro political level I’m not so sure.

You’re last question is of particular concern to me. If the Iranian opposition is seen as a proxy for a foreign power that would be very damaging I suppose.

@Jim McNeely, your comments captures the odd paradox we’re in, one thing to think about is that there are different, orthogonal planes of governance starting to confront us. There is the sovereignty of a nation-state (with which we are all familiar and comfortable), then there is international law (which many of us are unfamiliar, potentially uncomfortable with), then there are private EULAs that often create a sort of lowest commond denominator of law. I can see a time where the US gov’t in order to avoid direct censorship starts to ask private companies as proxies to start a more aggressive enforcement of EULAs.

These DDOS are at best pointless, serving less to make one’s position heard by others than to allow one to hear it one’s self and feel that one has Done Something. This would have been a great time for us outsiders to demonstrate the kind of relationship that we want and the kind of neighbors that we value. Shouting down opposing viewpoints is the opposite of democracy and most un-neighborly.

If screwing up someone else’s network is the best we can do, better we do nothing. I don’t believe it’s the best we can do, but I could be convinced that it’s the worst.

Forget national borders; this is about common decency. National borders are an upper layer, so the Internet should ignore them, stick to its function and pay attention to its service interfaces.

Very interesting post. The Web democratize, inside or outside the countries, internet moves more powerful and quickly than the governments. Iran, Cuba, Russia are the best examples, but not the only ones…

Julián Chappa

Brian

Very, very, interesting post. I was thinking similar thoughts over the last week as I watched the news in Iran unfold. It always amazes me to see and hear how people think it is their “right” to use the Internet for whatever purpose they want (DDOS attacks, to steal videos from YouTube, etc.).

I am equally concerned that the US government intervened in postponing Twitter’s planned maintenance. What is the US gov’t doing telling a PRIVATE company when they can do tech maintenance? In my eyes here in the States, that is more dangerous than a DDOS attack on Iran. Our gov’t is stepping way, way, too far into the private sector with this new administration. Take the reverse scenario; what is to prevent the US gov’t from “asking” Twitter to shut down for a few hours? Would Twitter comply? The fact that Twitter did not make the decision to postpone maintenance of their own free will is distressing.

The second I read tweets on participating in DDOS attacks against the Iranian regime’s websites, it made me CRINGE. These DDOS attacks smack of censorship! Do we push for democracy by selectively censoring those we deem the enemy? Because “they” (i.e. Iranian government) do it, does it make it justifable? Two wrongs make a right?

It’s easy to jump on the bandwagon as we ride the wave of support for the Iranian people for a free & fair election process, the right for free speech, civil liberties and so forth. However, in the process, I hope that we don’t lose sight of the basic principles of democracy. Otherwise, we risk being hypocrites with double standards.

Let me switch sides for a moment and play advocate to the Devil. But, let me also be careful and make sure that my scenario applies to a fictious country of “Otherstan”. What if “Otherstan” was undergoing a country wrenching protest in which the majority of the population was rising up to resist a repressive regime bent on total control? What if the most powerful means of repression was the intelligence appartus that this “Otherstan” was using to keep the population under control” and the collective, unsactioned actions of millions of individuals was that “last straw on the camel’s back” that brought the regime down?

Other scenario, what if you reside in a country that has a similarly repressive government? What if you don’t recognize your own government?

For US residents, it seems very clear. We are not foreign diplomats, but what if you live in a (relatively) lawless country?

Tim, agreed, there are many groups which cross national boundaries to which these same kinds of dynamics apply.

Bob – It really is too simplistic to call all blocked speech Orwellian. Is a law against child pornography Orwellian? We have current laws against slander and blatant copyright infringements. Are these Orwellian?

Judy – I agree that the DDOS attacks are counterproductive. However, I think we should be careful about how we throw around the word ‘censorship’, it soon becomes a euphemism for ‘anything I don’t want someone else to do.’ Is there never a time for digitally opposing a government whose practices are disagreeable? Would this always be called ‘censorship?’

Sharon Lesnick

What’s striking about the current ramp up in activity is how many people are “questioning” the role of social networks and social media. This is just more reaction from mainstream media to the change roles of technology.